Android security recommendations

Turn on data encryption

Turning on Android-level data encryption means that when the device is locked, no one can see the data. Unlocking your encrypted device decrypts your data. Encryption adds protection in case your device is stolen. It's an easier alternative to using encrypted forms and offers most of the benefits.

Tip

Encryption takes an hour or more to complete. Before you start, ensure that the battery is charged, and keep the device plugged in until encryption is complete. Make sure your data is backed up, just in case something goes wrong.

Warning

  • Interrupting the encryption process may lead to loss of some or all of your data.
  • The process is irreversible. Once encryption is set up, the device cannot be decrypted; to remove encryption you will have to wipe all the data.

Note

For devices running any Android version older than 4, you’ll need to either upgrade your operating system or consult the manufacturer’s instructions.

For devices running Android version 4 or later:

  1. Open your device's Settings app.

    Image showing Settings app.
  2. Tap Lock screen in the Device section. Then tap on Screen lock and create a PIN or password.

    Image showing Lock screen option in the Device section. Image showing Screen lock option. Image showing Pin and Password options.

    Note

    Encryption cannot be performed until you have set up either a PIN or a password lock. Pattern lock is not allowed with encryption.

    Tip

    Setting a strong passcode is imperative to protect your Android phone. The longer the passcode (or alphanumeric password), the tougher it will be for an attacker to gain access to your device. Even a lock screen won't necessarily prevent a thief or hacker from getting access to your data. You can use apps that destroy all the data after a few failed attempts to unlock the device. For more details, see this.

  3. Tap Security in the System section.

    Image showing Security option in the System section.
  4. Go to the Encryption section. Now select Encrypt device to start encryption. Follow the onscreen instructions. During encryption, your device might restart several times.

    Image showing Encrypt device option in the Encryption section.

    Note

    On some phones, you’ll need to choose Storage, then Storage encryption or Storage ‣ Lock screen and security ‣ Other security settings to find the Encrypt device option.

Note

If you are using an SD card for storage, you can encrypt that too by choosing Encrypt SD card in the Encryption section. This not only encrypts the contents of the SD card, but it also means that the card cannot be used on another device unless it is wiped.

Image showing Encrypt SD card option in the Encryption section.

Tip

You should also ensure that device debugging (via adb) is disabled when collecting data. With debugging enabled, users can pull data from the device once it has booted successfully (that is, after the SD card encryption key has been entered). For example, someone could steal the device, connect it to a laptop, and pull data off it as long as it has not been shut down, because they don't need to unlock the device's lock screen to gain access.

For more details on encryption, see this.

Adjust Google Play to require a password for every purchase

You can set up Google Play to require a password for every purchase, which ensures that anything you buy is bought with your consent. This can prevent enumerators from installing apps that bypass certain specified requirements.

  1. Open the Play store app, tap on the left-hand slide-out menu, and then choose Settings.

    Image showing Play store app. Image showing three horizontal bars. Tap on them to display slide-out menu. Image showing Settings option in menu.
  2. Look for Require password for purchases and tap on it. You'll be asked to input your password.

    Image showing Require password for purchases option. Image showing box where you will need to input a password.
  3. Choose the password input frequency as For all purchases through Google Play on this device.

    Image showing options for password input frequency: For all purchases through Google Play on this device, Every 30 minutes, Never.

Note

The password will not be set for free downloads. If you want to lock free downloads as well, use an app locking app like AppLock.

Disable cloud-based backup

Though storing your data in the cloud is good for backing it up, law enforcement can demand that Google turn over your data. The best way to keep your Android phone from sending your personal data to its servers is to turn off backup. The downside is that if you lose your phone, you may lose your data. Remember, you always have the option to manually back up to your personal computer.

To disable backup:

  1. Go to the Settings app.

    Image showing Settings app.
  2. Then tap Backup & Reset in the Personalisation section.

    Image showing Backup and reset option in the Personalisation section.
  3. Now switch off the option to Back up my data.

    Image showing Back up my data option. Image showing Backup turned off.

Limit who can use Google Now

Google Now acts as your own intelligent assistant, bringing information to you when you need it, but that gives Google a lot of access to your data so that it knows what to dig up. The best way to use it is to turn it off from the lock screen, so that only you, with your passcode, can use the feature and get access to your personal data. The steps to do this are as follows:

  1. Open the Google app, tap on the left-hand slide-out menu, and then choose Settings.

    Image showing Google app. Image showing Google app menu. Image showing Settings option in the slide-out menu.
  2. Tap on Voice in the Search section and then choose 'OK Google' detection.

    Image showing Voice option in the Search section. Image showing OK Google detection option.
  3. Turn off the feature Say "OK Google" any time.

    Image showing OK Google feature turned off.

Lower your phone's sleep timeout

Lowering your phone's sleep timeout can prevent opportunistic people from getting access to your unlocked device. The lower the figure, the quicker it locks you out.

  1. Start by going to the Settings app.

    Image showing Settings app.
  2. Tap on Display and wallpaper under the Device section.

    Image showing Display and wallpaper option in the Device section.
  3. Tap on Screen timeout and lower the screen timeout by choosing an appropriate timeout from the list.

    Image showing Screen timeout option. Image showing list of timeout to choose from.
  4. Once you've lowered your phone's sleep timeout setting, you need to make sure that your Android device locks and presents the lock screen when it wakes up. Tap on Lock screen in the Device section, then tap on the Lock automatically option and choose an appropriate timeout again.

    Image showing Lock screen option in the Device section. Image showing Lock automatically option. Image showing list of timeout to choose from.

Limit your lock screen notifications

Your lock screen can show a lot about your life. Your Android phone or tablet can limit what's shown on the lock screen in order to prevent others from seeing your personal content as it comes in.

  1. Go to the Settings app, then tap on Sounds & notifications under the Device section.

    Image showing Settings app. Image showing Sounds and notifications option in the Device section.
  2. Scroll down and tap on Notifications on lock screen under the Notification section. Here you can change how notifications are shown when the device is locked. The most privacy-conscious setting is Hide sensitive notification content, so that you know which app is alerting you without showing its contents.

    Image showing Notifications on lock screen option in the Notification section. Image showing options: Show content, Hide content, Do not show notifications.

Prevent unauthorized apps from installing

Android devices can run third-party content outside of the Google Play app store. This can open up a device to malware attacks.

The easiest way to ensure that only verified and malware-checked apps can be installed on your phone or tablet is:

  1. Go to the Settings app and then tap on Security in the System section.

    Image showing Settings app. Image showing Security option in the System section.
  2. Make sure that the Unknown sources option is turned off. If this option is turned on, installation of apps from trusted as well as unknown sources will be allowed.

    Image showing Unknown sources option turned off.
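
For a fleet of data-collection devices, several of the recommendations above (encryption, adb disabled, short screen timeout, Unknown sources off) can be checked from values read during provisioning. The script below is an added example, not part of the original guide; the `key=value` input format, the `audit_device` function and the 60-second threshold are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit provisioning output
# against the settings recommended above. Input is "key=value" lines, e.g.
# collected over adb before debugging is switched off for deployment:
#   adb shell settings get global adb_enabled
#   adb shell getprop ro.crypto.state
#   adb shell settings get secure install_non_market_apps  (namespace varies by release)
#   adb shell settings get system screen_off_timeout
MAX_TIMEOUT_MS=60000   # assumption: longest acceptable screen timeout (60 s)

audit_device() {
    # Reads key=value lines on stdin; prints one "FAIL: ..." line per finding.
    adb='' crypto='' unknown='' timeout=''
    while IFS='=' read -r key value; do
        case "$key" in
            adb_enabled)             adb=$value ;;
            ro.crypto.state)         crypto=$value ;;
            install_non_market_apps) unknown=$value ;;
            screen_off_timeout)      timeout=$value ;;
        esac
    done
    # Fail closed: a missing or unexpected value counts as a finding.
    if [ "$adb" != "0" ]; then
        echo "FAIL: USB debugging (adb) not confirmed disabled"
    fi
    if [ "$crypto" != "encrypted" ]; then
        echo "FAIL: device storage not confirmed encrypted"
    fi
    if [ "$unknown" != "0" ]; then
        echo "FAIL: Unknown sources not confirmed off"
    fi
    case "$timeout" in
        ''|*[!0-9]*) echo "FAIL: screen timeout missing or not numeric" ;;
        *) if [ "$timeout" -gt "$MAX_TIMEOUT_MS" ]; then
               echo "FAIL: screen timeout ${timeout} ms exceeds ${MAX_TIMEOUT_MS} ms"
           fi ;;
    esac
    return 0
}

# Constructed sample: debugging still on, 10-minute screen timeout.
SAMPLE_DEVICE='adb_enabled=1
ro.crypto.state=encrypted
install_non_market_apps=0
screen_off_timeout=600000'

printf '%s\n' "$SAMPLE_DEVICE" | audit_device
```

An empty output means every checked setting matched; a device that reports nothing for a key is flagged rather than passed.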

Make sure you keep Android up-to-date

Many Android phone makers will now offer monthly security patches to ensure that any known vulnerabilities will be patched. Install these patches every month. It's one of the best ways to ensure that you won't be attacked by hackers and malware.

  1. To periodically check for software updates, go to the Settings app.

    Image showing Settings app.
  2. Then tap on About device under the System section.

    Image showing About device option in the System section. Image showing update information.